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(54)Title: PUBLIC KEY CRYPTOGRAPH AND KEY SHARING METHOD 



(57) Abstract 

A cryptograph communication method using 
public key cryptograph in which a sender creates a 
cryptogram by using a public key of the receiver by 
means of a sender device (100) and transmits it to the 
receiver device (200) through a communication line 
(300), and the receiver decrypts the cryptogram by 
using a secret key, wherein a procedure for 
encryption and decryption is so established to provide 
the features of security both the Rabin cryptograph 
which is one-way against chosen-plaintext attacks on 
the condition of difficulty of the problem of 
fractionization into prime factors and the ElGamal 
cryptograph which is strongly secret against chosen 
plaintext attacks on the condition of difficulty of the 
problem of Diffie-Hellman determination. Further 
while keeping secret the true plaintext space, the size 
of the plaintext space is reduced in order to use the 
space for key delivery of common key cryptogram. 
Thus a public key encrypting method and a key 
sharing method using the same are provided in which 
it is possible to prove the security on the condition of 
the problem more difficult than conventional, and 
high efficiency processing in the calculation for 
encryption/decryption is possible. 



as««mtSBioo 




/ 



Is 



') J r—: >3>a| — ioos 
»a«MB t— 2008 
aWIIIB "V - 2006 



a«gm 



KJ0W8K4OO 




1C7J-K 



403 










1 awinna 1 







/*'J402 

»«»<HK«200 fvnm. 



I ass! (— 



2001 
2002 
2003 



z 



I 8W<t t— 200 4 

Xrt'iT— 'sa>at — 2005 



flfflWW T- 2006 



I BgillW t -2007 
EMlMlj- 2008 



105... IC CARD READER/WRITER 

106. . .DISPLAY 

107. . .KEYBOARD 

100. . .SENDER DEVICE 

1001 RANDOM NUMBER GENERATION 

1002 . . .EXPONENTIATION 

1003 . . .REMAINDER CALCULATION 

1004 . . .ENCRYPTION 
1005. . .APPLICATION A 
2008 . . .ONE-WAY FUNCTION 
2006 . . .PUBLIC INFORMATION 

102 MEMORY 

103 . . .COMMUNICATION DEVICE 
1006 . . . CRYPTOGRAM 

2006 PUBLIC INFORMATION 

300 COMMUNICATION LINE 

400. . .THIRD-PARTY DEVICE 
403. . .COMMUNICATION DEVICE 
2006 . . .PUBLIC INFORMATION 
402. ..MEMORY 

205 ... IC CARD READER/WRITER 

206. . .DISPLAY 

207 . . .KEYBOARD 

203. . .COMMUNICATION DEVICE 

200. . .RECEIVER DEVICE 

202 MEMORY 

2001... KEY GENERATION 
2002. . .EXPONENTIATION 

2003 . . .REMAINDER CALCULATION 

2004 . . .DECRYPTION 

2005 . . .APPLICATION B 
2006... PUBLIC INFORMATION 
2007 . . .SECRET INFORMATION 
2008. . .ONE-WAY FUNCTION 



(57)^ 



+ 



m i I #t U T 3£ IK g T to h E 1 G a m a 1 © # © ^ 4fe 14 © # *t £ #f 3# O 



ae T7 7'-arfi:Hiii» 

AG T>7-4 77 • '<--?-¥ 

AL TA-/<=-T 

AM 7>\>*-7 

AT 5*--* by 7 

AU t-7b7!/7 

AZ T v=-V > 

BA *X=7 "v^7a = tt 

B B '<J\"< 

B E *</l>*r— 

B F -?>vi(-f • 7 r V 

b g rrivu y r 

B J 

BR r7'» 

BY ^ 7 /I' — > 
CA 

CF f*77H* 

CG 3V=f— 
CH 

CI = — t-i'stfr— A- 

CM >• 

CN t>B 

C R = ^ ^ • 'J * 

CU 

CY =*-?*o* 

CZ •Tx.ti^' 

D E K-< 3* 

DK f^-^—O 



DM 


KS -* 


KZ 


DZ 




LC 


EE 


h-7 


L I 


ES 




LK 


F I 


7 -i -y > K 


LR 


F R 




L S 


G A 




L T 


GB 




LU 


CD 




L V 


GE 




MA 


GH 


7- 


MC 


GM 




MD 


GN 




MG 


GR 


* y 


MK 


GW 






HR 




ML 


HU 


^#y- 


MN 


1 D 


l'^ K^ VT- 


MR 


I E 


T-t'/t'^ V K 


MW 


I L 




MX 


I N 




MZ 


I S 




N E 


I T 


-f#!l7 


NL 


J P 


0* 


NO 


KE 


*-7 


NZ 


KG 




P L 


KP 


*«» 


PT 


KR 


©H 


RO 



jbify^^v RU 

■\Z>hi^>7 SD 

I) \L=r'si/=. 9<< > S E 

^ y • 7^* SG 

U ^D7 SI 

h sk 

y h T — T SL 

/W^-fe>'7'/l'y SN 

7h?-(7 SZ 

* o •;/ = T D 

*7-=> TG 

V?7 T J 

-*#137,-))iV TM 

-77- K=T IB — =**5 l^-fT TR 

itfaB TT 

TZ 

*V=rA- UA 

<)?-7 UG 

771)^ us 

UZ 

tfyt-? vn 

= v?i-/U YU 

tfVi' ZA 

ZW 

• !/-7>' K 
/V—-7=-7 



JWi— r^- 
v-Vst/stf-A- 
^n ffx.=-7 

•fc*#A^ 

f-r- K 

h y = K • t-/<=f 
9^-7 

9 >" 



WO 00/45548 



PCT/JP00/00475 



1 

m m m 

& m m m^z m t ^ tz m^m m -n & is j; zfm& mum k m -t 

5 <S o 

• JCffl. 1 TR. L. Rivest, A. Shamir, L. Adleman : A method for ob- 
taining digital signatures and public-key cryptosy stems, 
Commun. of the ACM, Vol.21, No. 2, pp. 120- 126, 1978. J (£f-iic 

& Z> o 

• 3C$k 2 rv. S. Mi 1 ler : Use of Elliptic Curves in Cryptography, 
Proc. of Crypto'85, LNCS218, Springer- Verlag, pp. 417-426 

15 C 1 985) J , 

• JC&k 3 TN.Koblitz: Elliptic Curve Crypto.sys terns , Math. 
Comp., 48, 177, pp. 203- 209 ( 1 987 ) J ^ iC f£i£©fif R ft& l^tz 

20 U/:fc®{i, 

•3t^4 TM. O.Rabin: Digital Signatures and Public-Key En- 
cryptions as Intractable as Factorization, MIT, Technical 
Report, MIT/LCS/TR-212 ( 1 979)J C Ifigc $ tlT I ^ m^Jjtiz, 



WO 00/45548 




PCT/JP00/00475 



• JCffl. 5 TT. ElGamal : A Public Key Cryptosystem and a Signa- 
ture Scheme Based on Discrete Logarithms, IEEE Trans. On 
Information Theory, IT-31, 4, pp. 469-472C 1 985) J (IIB<££ ft 
Tl^Bg-^&, 

5 • JCffii 6 rs. Goldwasser and S.Micali: Probabilistic Encryp- 
tion, JCSS, 28, 2, pp. 270-299 ( 1 984) J flf£i$c £ tlX Bg-Sf 

• 7 TM. Blum and S. Gol dwasser : An Efficient probabilis- 
tic public-key encryption scheme which hides all partial 

10 information, Proc. of Crypto'84, LNCS196, Springer- Verlag, 
pp. 289-299 ( 1 985) J K f£fc $ tlX I ^ Bf 

• 8 TS. Goldwasser and M.Bellare: Lecture Notes on 
Cryptography, ht tp : /www-cse. ucsd. edu/users/ mihir/ 

( 1 997) J Cf£«c$ftTl^B£-§-;fri&, 
15 • 3£S£9 TT. Okamoto and S. Uchiyama. A New Public-Key Crypto- 
system as Secure as Factoring, Proc. of Eurocrypt'98, 
LNCS1403, Springer Verlag, pp. 308-318 ( 1 9 98 ) J Clfii^tlT^ 

* fc, S5?B&^X^SSJr*f UT^^ttll^Frtfe^^jfec*: Hit 
20 • XiU 0 TD. Dol ve, C. Dwork and M. Naor. :Non-malleable cryp- 
tography, In 23 rd Annual ACM Symposium on Theory of Com- 
puting, pp. 542-552 (199DJ ir $ til l^S B£ -^fe. 

• SCffltll m. Naor and M. Yung. : Publ ic- key cryptosystems pro- 
vably secure against chosen ciphertext attacks, Proc. of 

25 STOC, ACM Press, pp. 427-437 C 1 990) J dfEt££ ftT 1^6 Bg-§-^^, 

• ;£E12 TM.Bellare and P. Rogaway, . Optimal Asymmetric En- 



WO 00/45548 PCT/JPOO/00475 



cryption - How to Encrypt with RSA, Proc. of Eurocrypt'94, 
LNCS950, Springer Verlag, pp. 92-111 C 1 994) J tr ftT I ^£ 

Bg 

• JCWllZ TR. Cramer and V.Shoup: A Practical Public Key 
5 Cryptosystem Provably Secure against Adaptive Chosen Ci- 
phertext Attack, Proc. of Crypto98, LNCS1462, Springer- 
Verlag, pp. 13-25 C 1 998) J triS«S 2 tl T t ^ Bg -$§-;& j£, tz£fi<%Q<h 

£ tz, 

10 • :£SU4 TM. Bellare, A. Desai, D. Pointcheval and 

P. Rogaway. : Relations Among Notions of Security for Pub- 
lic-Key Encryption Schemes, Proc. of Crypto'98, LNCS1462, 
Springer Verlag, pp. 26-45 C 1 998) J Tte, I ND-CCA2 CiSlSWiSiR 
IgfXaSl^lT^iTfeSIi) £NM-CCA2 CMfcKjMiRm^X. 

20 l^^^o SBE^ F^M «fc *9 t>fg#^P9®^»? < - iTXi i ©Bt^-^r 



WO 00/45548 PCT/JPOO/00475 



l^o Pl-Of^tfcoT fcBg-t^t^^-fbf £5WBg-^T&£ 

5 izib, XW^KD^mj-mco £ 9 fcftgjg^ J&iJ&SOjft^tli- tittle 

£ fc N XiSt 9 ©Bt (I #t-T &3c^tt( semantic 
security)**, ^19 <*> K T/£« $ ftT ^ £ p- P^H © fflitt t # 

Jgii*£+#te^i&:&<te SftTfc t»-r, ^©SIi14fro!^TM £>ftx 

<i\ 9 ©Bf ^#i£©^#fi?l%£$JWKtT9 C ti<|ij*Tl*K 

15 &7jk-t^ i^SS Lt^o 

£iSU3(lEi|£©Bg^}£(i. {!§£*£© Bf-^&^ffi^T 

as^sait $g£LMf§©^&-^* ? hv-?mm(D%mm^& 

<-5iH$ntl^5. -nt»1flS«IUC*;^T{ix ft IT IE ft 
Ti^SM. m^-ffi^SITli. saltern h=j;b©/cfeir. jt*?-* 



WO 00/45548 PCT/JPOO/00475 



@©ft^fiKj^^^^iu^i l tow -cpa (miR^^c^m^m it-^ 

ft) ^^IND-CPA T & £ C £ ^'fiE^ «J 

CCA2£/cteNM-CCA2T£>3 CI «t *<IE m rT t£ ft ^ H§ & Bg^#& £ tt^-f £ o 
10 ^fSWdct ^Bf-t^-j^(i, fif^Mfdit^T, Bf m-^^MS©^(Cst 
< *££^ v^-«©M^^ < , ^^^^S^"5Jt6 t/iS e 
£tz, ^^BJ©ftfe©g itlf 7='-^ £Bg ^-Yk^-^>l^©It#fc J;^ 

Bg-^-Yk-r-^^^-^^-r ^^©it^:©^^^/h$ < , mwmm m&wm 

(1) Xt4 (rlB«Sc©Hf^-^r^ (RabinBg-^-) j&s'Jfo. g ¥ & # 3i K 
20 *fUT — 2FfRlt£ (OW-CPA) # IE W RT IE # # 8fc £ , 3titK 5 fC K *&©;£}£ 
(ElGamalBf^-) #Jt-ogiR ir *f L T &!& gtt (IND-CPA) j&< 

^ftlftiCt;};, B|f^^*-«^||$nSWRB^ G=(Z/n)* (n = p d q) (IftU 
25 T, ¥£^£(0, 2 k ~ 2 )£-T£ (l&U k=|pql) o 



10 



20 



25 



WO 00/45548 PCT/JPOO/00475 

6 

m wl ^ © a ti m { c m u r vm w m s ? o *j cfc -r - 9 © is ^ \ z x % m n % 

ft? o 

• P, g ■ p = 3 (mod 4), 9 = 3 (mod 4) 

• s £ Z, ij/i s = 1 (mod pg) 

• 0 € Z, a/9 = 1 (mod lcm(/> - 1, g - 1)) 

(p, q, s, £) £fF/&U ZZIZ, 



• a,g,h,k,l € Z (0<5,/i<ti) 

• n = p d g (</ tt-SHSfc) 

15 (n, g, h,k, 1, a) £fP/& U (ill, ktepqCDfc: -y hfi) 

&^#t*. ¥£m (me {0, 1} 6 ) C^lT, 



m, = (mO* 1 ® <7(r)) || (r 0 /f(mO kl © G*(r))) (0 < mi < 2*~ 2 ) 

£ft^L ({II, 0<r<2 k0 , G:{0, l} k0 -{0, 1} 5 +kl , 
H:{0, 1} 5+kl -{0, l} k0 , (251^ ^ >^AllT^f). 
0<m l <2 k_2 i:1-^o ), $ & J~ JacobilB-^-a = (mj/n), fccfctf, 

C = rn 1 2a g r ' mod n, £> = /i r ' mod n 
£ft# U (C, D, a)^Bf#^:i UTgrlf ^{r^jf-T^o 



WO 00/45548 




PCT/JPOO/00475 



%.m%\±, £M(DM®M (p, q, s, /S ) £fflt^T, Bg^:fc (C, D, a) £ , 

= (CD 5 ) ^ P « + ' mod p, 
m li9 = (CZ} 3 )*^ 1 mod 9 

0 

0 (-m lf p , -m 1( q )©9 t>, (x/n)=a^oO(x<2 k "%i/;tx^i» , ] iL 
Tth^-rSo <BU 0 ii4»HA©*J^^S{r J; ^z/(p) xz/(q)^ 

10 ^^{I, m'j =s' | |t' (s'(im'jCD_h#n t"y b, t'liTttk 0 t*y h) (I 

m'= A 5 '®^'®^^'))]"*^ if [*'©<?(*' =0*> 
I * otherwise 

15 £tmU C^l^^k^ifS. (IL, [a] n fc J;L>*[a] n (±^n 



WO 00/45548 PCT/JPOO/00475 

8 



14 EE m $ n tz B£ ^ ^ it (D i£ us T h % tz tb . ^^aO^^ttO^HE*^' 
l^iMB|^- N 'iffSMa4 0#2-^-. ppl70, 173. ( 1 999. 2)J 



5 IS ffi © IS i^tft^ 

10 5-a©f@ifc) feJ:LK^^14©Jtt3£^^-r®-e*)^o 



(vg^it^wmw, £ tzitmrn mmmwt t^-? ) 100. 

20 tf. m-^-'fk^^MSffi-r^ =i > («-^b^#Jig«. 2^li§:1f# 

#J^fi<hk^9) 200. fc«kCJ\ m 3^>&^ffi-r^» =f > t° ^-^ (^3 

Bg-5Hb##Jggl00. m-^-Yb^#J^tt200{is -en^tlCPUClOK 
201). <£l£lfl£S^- K-r>f — ^ISlSSIffiT-$fj£$ft 

25 £^*U(102s 202). iHf!£S(103. 203). /<X(104. 204)KckoT 
*lJ&$ft. $ t>i:f^ (106. 206). fccfcO*. K(107. 



WO 00/45548 PCT/JPOO/00475 



105, 205/6^<Xl 04, 204(l^^^nrt^o 
5 is CPUlOl^H^-T^^o 7 s ? U i^WLt^-o) is ^-*'-K107-^ 

m^Jt^mmmoovj -t y 202 k t*, j^T©#^js^jd^-r#fiitfg 
10 £B£-5§-;a:£s s^-ffc^n-cr -r x^u-r 206-^iift m^300(caj^j$n-s 

^^-^-^ (iiff-^-^) ft -5 0 

^f£2001 £ffl<^Ts IB®1f fgi£lfl1f fR^f^fiJc-rSo <k^1f$6tes ilia 
M300tt LTffi^J L, i£lf ^#J^filOO-Nil#t-^>^, £/cii&- 

&^#ffiOgglOOrt©Bg-^fc^m004li, Sl3££/&^l£1001£ffl 

20 titfB2006£2£i::L/cff-££, £ mW^&l 002, *J&&2r^g:l003£ 
ffl^TtT-5o Bg-5f 3fc (is ilff ^ttl03£ffi^TiIlf 0^300^-^ 

LTSff ##JSB200fC2Hf -T&C i^T£ £ Q 

£^flflgg2OOrt0«-^fc^&2OO4li, gfl L/c IE -s§- 
(Sff SftT^S±i2IB&titfR2007£2£i::.. <^£f?i|f^lS:2002, I£J#dl 

25 £¥!S:2003£JB^TfT-5 o 



WO 00/45548 PCT/JPOO/00475 

1 0 



(H5£#<J 1) 

i£jf f=-:? m^Bf ^-ii^f c «k -^Titff -T S^co^r^tSo 
5 1 . 

• h g <nn&m- 

• s € Z, = 1 (€ G) 

• a -1 € Z 

10 IB (H, s. a _1 ) £f£J5£ U (ffi U a _ 1 iiW P£g¥H©ft$fc£- & 

• G : fR7-^8 

• H' : H 

• g,h€G 

15 * aeZ 

Strait fg (G, H\ g,h,a) ^f^jK-T'So 
2. Bg^-^fc&g 

(l)£Hf^A(i, ^(£H')!:tlT, £L&r££/iScU $ £> K 
C = mY, D — h T {eG) 

2 0 

$ Bf-^^(C,D,a)^^<f##J^e200{riHf-r^>o 
25 (2) gjff^Bii, «f#UT^£Jiia5$®fif$R (s, a" 1 ) £ffi^TBg-5§- 
;fc(C, D, a)^ £>, 



WO 00/45548 PCT/JPOO/00475 

1 1 



rh = (CD s ) a ~ l (€ H) 
(Hifcfll 2) 

• p, q '■ ^tlcSC, p = 3 (mod 4), g = 3 (mod 4) 
0 • s € Z, = 1 (mod pq) 

• p € Z, a/3 = 1 (mod lcm(p - 1, 9 - 1)) 



ttSMfiffB (p, Q, s, £) £fPi£U 
• a,g, h, k, I € Z (0 < 5, A < n) 

15 .n = p rf 9 (<m-^&) 



tt£4^1f ffi (n. g, h, k. 1. a ) £fl:jjJc-f *o (fil, klipqOt'-yh 
^) 

20 (l)3Ht#AJ±. fXi(0<ii<2 k " 2 )[a=tlT, SLMr (O^r^l) 
C = m 2a g r ' mod n, D = /i r ' mod n 



25 



WO 00/45548 PCT/JPOO/00475 

12 



( 2 ) gff # B (i, bT(^£±Efc^1i IS (P, q, s, /3 ) ^/gi^THf 

-5§-:£C(C, D, a)j^ t>, 

5 

m llP = (CD 5 )^ mod p, 
= (C£>*)^V^ mod 9 

£5t^L, ^ (m l,p' m l,q)' ^ (- ffi l,p' m l, q ). ^( m l,p»- m l,q). 
10 £ (111, 0 li'fHAOfJ^SgSK J; £Z/(p) xZ/(q)^ t>Z/(pq)-v© 

15 UT^£l¥i^^f££:C i^^-T- <t*<T# £o -ftefr^, £>3 (n 

20 ^H^^^r^Uck ^ fcBI^i) f^3I£#K y;n/y XA£f#/&-r£c t 

fie-Hellman&^JHJ M^frlp 

25 

A> (h,g,h r ,g r ), 0<r<l, 

Di (h,g,h r ,Xg r ), X = (x/x') 2q mod n, 0 < x,:r' < 2*~ 2 





WO 00/45548 



PCT/JP00/00475 



1 3 



*li|B^fC«k S^TSlir *J^T. Bt^-3t (CD, a) m £ff-g-f 



t>, *mMffllZ&^T, Bg-^X (CD, a) frt>¥$: m £ff-J£-T £ T;l/ 

10 THf^"3t (C, D,a) ^£>¥:£ m £ tiWt Z> T )l> zf V X A (*£D t> tit ^ 
Jtt^o C©f"*!:^^T, ^^f^©^3t^^{lfcij"^»^^:14ii^Hifc^- 
*?P5J® J: t> t> SUIT* 5 o 

SEBjm, Bf-5§-;£ (CD, a) frb^X m ^ft^f £ T^n" 'J X A (r *f 

• Bf^-^C (CD, a) frZW-X m ^iilt £ ft C ^$Tft3f-f 5 d «t © 
■C$-5I$W^^lflffl7;l/^'JXA Adv ^tfcttS. d©£ 
20 #, Adv *;l/<t LT, n ©3&H»#A¥£f!!lfJiT # # ^3$TfT9 

si^w^^^Bf S7;^ "J xa a wmmTS z z. t&TF-to 

•A {i^^^C&tf&^lfl^ (a.n.g.h.l) i:?flT, m'GZ 
(0<m'<2 k ~ 2 ), r* EZ (0<r'<l) J; a* £{-1,1} ^-ii:!^, 



25 £fH£U Adv CAAtS, 

•^©it, Hlf-^-X (CD', a') J± IE U ^ B|f :£ <t 1^ b 56 



' 2 a „r' 



g mod n, 



D' =h r mod n 



WO 00/45548 PCT/JPOO/00475 

1 4 



~iz.tfrt>, Adv {trnfo-C'^tm^mm-cm^-x (c\D\a') ©¥;££- 

• m* 2 mod{pq} ©M©4oi^ m j » m 2 , mg, m 4 tbt, £ £> d 
mjimg^O mod{pq} m 3 + m 4 = 0 mod{pq} tf< foiL"? 2> £ tix./tZ"? 2> „ 

5 ©it, Adv flfcU- S^Ytirfc^T, Bg-^-X (CD', a') ©IE 

Lt^¥^©f51I^lilxF^ (0,2 k ~ 2 ) T«:^^, lilHoicg 

• C ©^o rt: 2 o Coffin *J^TI*#* Jacobiffi-5§-©lfi:^Jtte Ki 
IZtlZo iot, A a' C^LT $(m'/n)^a' T£>& 

10 A {*y;l/=f >J XA Adv ^b*ao¥X^5:i^tl5o 

■i-^T, Adv ©ffi# m" i:^lt, 1/2 ©Sg^T' gcd(m' -m* ' , n) 
frt> n OfStWi^^o 

^^B^frJ: ^^^©^^MIIfCM-r^^^liii, *iJKBft£ 
15 Diff ie-Hellman & £ jg © S St t£ t ^fflfi"C*> 0 s ^©fEBjm. IKta, 
^tUt 5 (riatSc©ElGamalBf ^-^Diff ie-Hellman 5£ JH © ffl Si 14 £ HU 

?t£t>?>^ r t> L$iJP£tt£Diff ie-Hellman & 5£ J@ £ JS? < T ;l/ ^ U 
XA^^tnii, i|*jlT # & t^fil^Tbe {0, 1 ) (encryption ora- 
20 cle tffro fc3-f y hxcDJ&m) £ jE U < ^^0"^ £ T;l/=/ U X' A 

^'JXA^Wtlll *ft£/^T*lJRSti-#Diffie-Hellman 
(^JI^J 3) 
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1 5 



"fi6^.i6 ^tltzK^^^Wtz-^tz^^^^mt U 11^ 1 (tfcli 

5 mmm 2 > ojs&iz £ Bf-^tu ^f^temg^j 1 (i/ciiiM 

Ufr^tzhOtZhtl-to ) 7LSttd:(i. lit 7 t-y 

£ 2 ®£l±.m*)M IstzbCD&W-Xti-Ztl f(D^mi:, fttz-ttZZ t7b< 
10 T££o 

^#>£#> t>titzMm®&>2> / v -t?- ^£2JD;t /cl*l^^¥;£in£ 
U ^Jfc#J 1 (l/:liiifiJ2) O^&Kcfc ^ Bg-§§->ft U, ^ft^telM 
m 1 (£ /cteHJStfiJ 2 ) (DJjfelZ J: ^ ^P3tm Zm^ltL, =?#>'%.&t>tl 
15 -tr- v©F*lW£5gfS!^-3 (feU ^#>;£a6 ^n/c^Bfc 

;tit»©Ml?S(i, Bt^->fb^©ioo4. m-5§->ft^l3:2 004{c*?t 

20 ^©j;-?^^^^^^, nm^j 1 &<kammm 2 ©^isnBg-^xUi, 
ammrn 4) 

25 ^mmmx'it, mmmix^tzm^mm^-&^7t^^ $^ti, 

fate— #ft&Kifc£ffi^£-;fr-t±3 &©t&£ 0 :tii:i^ iH<f#iS 
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1 6 



1 . ii^Ml 

io §rif#B{i, ^m^'j i tuannc, wmm m (h, s, a -1 ) ££^it$g 

(G, H', g, h. a ) £f£jdt-f £ 0 f^B#(r^|fltf fg ilT> — Jfft&mWL f 
2. «£i§#LS 

l£UT> T?" >J ^r- v- a >A^o >f=7 A1005(is *i§ISK£-ffl ^TBg-f-ffc 
20 7£©¥^m^ft^Us $£>fC, ~:frft1£|!5m#I3:2008£/B^T, 
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1 7 



\n f £ fe^Tii, ^mmmor-f u y- *> 3 >b>^o ^5 A2005 
5 a^^-r s c < $*-r fit, tii&w^sg^^^nc^^^^f^s 

CUM 5) 

10 a ©fFJ&yji&£ ^tttoK^-T fectiSo 

1 . m$Lj&mm 

SffBli, ^JfctfiJ 2 IB® If fR (p, q, s, 0 ) ££H§1f#g 

(n, g, h, k, 1, a ) (ill, ktepq© t* 7 hi) t5o 

15 2. ®BB3l^a 
(fSJfctffl 6) 

S£lRl±$-tb5 Z t& § £fr <t LT, n = p d q ({BL, d ti 3 J£l_L©3fgt) 
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• p, g : MWt, p—3 (mod 4), q — 3 (mod 4) 

• ,5 e Z, a/3 = 1 (mod lcm(p - 1, ? - 1)) 

tt£$i^1f$g (p,q, £) £fF/z£U 

• n=p d q (<£ 

teS&^lf (n, k, a ) (ill, klipqO t" *y hg^ff) 

o 

15 2. Bgg^fc&g 

( 1 ) mm^Alt, ¥£m (me {0, 1} 6 ) SLtfcr (0<r<2 k0 ) 

mi = (mO* 1 © G(r)) || (r © ff(mO fcl © G(r))) (0 < m, < 2 fc ~ 2 ) 
20 Zstn-tZo ill, G: {0, l} k0 -M0, 1} 5 +kl , H : { 0, 1 } 6 + k 1 -* 

{o,i} k0 , i±m%ti5>yj*mmT~&*), o<m l <2 k ~ 2 t-tz 0 

S&K, _Lf££§fltif fg£#T, Jacobii5-l-a = (m 1 /n), fccfctf, 
C = m\ 2a mod n, 

25 ^it^-r^o 

Bt^X (C, a ) £gff:£fliJgS200*::i£1f-f So 
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1 9 

(2) sft#Bti. ^WL-zi^±mmmmm (p, q, zm^xm^ 

mi )P = C < mod p, 
7n li9 = C < mod 9 

5 

*fff-J*U 0(m lfp .n lf q ). ^(-m 1>p ,n. l q ), 0 (m^ p , -m^ q ), 
0(-m l p , (x/n)--a^ofl<x<2 k " 2 ^i/;fx^m' 1 £ U 

Tlt^-r^o ffiU 0 ii^BACfiJ^^S^ J; £Z/(p) xZ/(q)^ £ 
Z/(pq)-N©^|5]M¥^^a-ro 
10 ^^^S204^ffi^T, m'j=s'| 1 1* (s'Jim'jtOJittn t*y h, 

t'liTtek 0 t*y h) C^IT, 



m' = 



[5' © G(t' e if (s'))]""* 1 if [5' © G(t' © #(*'))]*, = 0 fc » 
* otherwise 



15 ^ftlTU Zti&m^lt&gkt-rZ (ill, [a] n *>J;a*[a] n {i^tl^ 
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2 0 



10 



15 



20 



mm&iz£ tomm-tzz <ta<T£s«, 

£tz, *^JS^JT(i, Bg-^fc&g-e©*^ a 5 -mil 3 0 ( a = 3 © 
(HJfcfll 7) 

i . 

HJS^J2 £|i«fcm^ ^®1f$R (p, q, s. £) & §8 ft 18 (n. g, h, k, 1, 
a) ^Mt5c 
2. ng^-^fc&S 

i£4f^A(*, ^m^J6iI^t(C ¥3tm (0<ra<2 5 ) C?tlT, m j ^ 

^a6?>o mmm 2 tr^u zw-jcnizm-tzttnt mm^ it, 

a = (mj/n)£iHSt bx (C, D, a) £gfi#fl!lgiS200 KsHf-f -5 o 

glf^BJi, _LI2$BSg1#?R (p, q, s. /3) ^ffl^THt^-^:(C ( D,a)^^, 

<* (m l,p* nl l,q ) ' * (_,l l,p' B l,q ) ' ^ (H l,p'-"l,q ) ' * ( " m 1 , p' ~ m 1 . q } 
©9^, (x/n)--a^o0<x<2 k " 2 ^ifctfe©^m , 1 if^o £ £ K , 

m'^s'llt* (s'lin', CD_h&n t* h, t'liTttk n t*7 h) fCfcfbT, 



m 



^ [«' © G(t' © i^s'))] 71- * 1 if W © G(f © = 0*» 



* otherwise 
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Htt£fiJt§ t IT, IND-CCA2T&£ C t^Tji-f Z i*<T#5o 

irfcU-^-^©^ < j±, 9 ^£>S|/j§ U/c 0 
(HiStfiJ 8) 

io i . mmmmm 

mmm i tmmizrri^ mmmm (p. q. s, 0 ) ^nts fg (n, g , h, k, 1, 

a ) £fM-r£o 
2. Bfm-^-fbMa 
itlf#A(i, ¥£m (m£f0,l) 5 ) KfcfUT. SLifcr (r<E{0, l} k0 ) 
15 £igtf, $£>C, 

m, = (m © G(r)) || (r © ff(m © G(r))) (0 < mi < 2*~ 2 ) 

^ft^-r^o <&U G:{0, l} k0 -*{0, 1} 5+kl , H: {0, 1 } 5 +kl — 
{0,l} k0 , liS^tt^ >nK»T*>), 0<m 1 <2 k_2 c!:-rSo 
20 JtiE&Hitf fg£#T, JacobilB^-a=( mi /n), *j«tcf, 

C = m 1 2a $ p < m >) mod n, . D = h F < m *) mod n 

*st&-tZo §u F.-{o, n 6+k0+kl -{o, n^iii^^^ >yAMtfc 

25 $t>tr. Bg-tX (CD, a) ^ffiiJ^«200(Ciiff t5o 
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2 2 



0(m lp , m lq ), 0(-m 1? p , in 1>q ), 0 (m^ p> -ij f q ), 0 (-m^ p> -Bj. q ) 
©H, (x/n) = a^o0<x<2 k " 2 ^i/;t & ©£m'j <t UT#a6. ££fC, 
m' 1 = s' | )t' (s'{im' 1 ©±ten t* v h, t* iiTft k Q f «y h) CSltlt, 

5 

, fs'©G(«' ©#(*')) if (C, D) =■ (C, £>') 
* otherwise 

1Q C'-mi 2 ^^!) mod 7i, 5' = /i F ( m i) m od n 

M&ZMW-t IT, IND-CCA2T*>S^ i^^-TCl «h*<T^So 

15 S < i5 C £3&<nrtET£>£o 
(HM 9) 

#Hifc0!Hi. ill^J 7 O^T*5„ 
1 . H£/£MS 

7 £1^1 If (if?-? o 

20 2 . Bg^-^bMS 

3Ht#A{i, ¥3^m (raelO.l} 5 ) CtlT, 
SLtfcr (r£{0, H k0 ) 

mj = m || r 

25 ^H-ItSo fil, F:{0, 1} 5+k0 -{0. \) l \*M^U7 >^HS![Tfe 
*5, (Km, <2 k " 2 i-T S. 
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2 3 

Zh>iZ, Jifa^gfltf fg£#T, Jacobiia-^a = (m 1 /n), fcii^, 
C = m, 20 /'" 11 ' mod n, £> = /i F ( m >) mod n 

Hg-^^ (C, D, a) ^S^f##J^«200Ci^jf -r^o 

git^B(±, mmms tmmiz^ ±§zmmmm (p,q,s, zmi^x 

Bf -^^(C, D, a)^ t>, "« lf p . n lt q *Afc«>x 

0(» liP .B lf q ). ^(-B ltp .B liq ), 0(n liP . -■»!,<,). 0(-« 1(P . q ) 
(x/n)^a^oO(x<2 k " 2 ^i/;tfe0^i' 1( !:t^ o $ £ jc, 




K]*» if (C,D) = (C",L>') 
* otherwise 



C = mi 2 V (m ' l) mod n, D' = mod n 

#H;8£0flK«fc ^ifr&Tti, Diff ie-HellmanPaSJ ©SI 

tt^BUtii IT, IND-CCA2T&& d i^/7tC i^T ^ £ 0 

(HM^iJ 10) 

*Hm#m, IWJ 8 fc^tfUifcfl&J 9 dfct^T, ^f^t#J©ftm#J^ 
* to & to © m ^ f fc # i£ f r o in T izE ^ £ o 

C; = mi 2 V (m;) mod p', <~ = mi 2 -^'*) mod 9 

= A F ( m '»> mod p d , D' q = ) mod q 



WO 00/45548 



PCT/JP00/00475 



2 4 

C = C' V {modp d ), C = C; (mod q), 

D==D' p (modp rf ), D = D' q (mod?) 

fCfct). (C,D) = (C, D')^t5t5o 
ft •£ o 

(HifliW 11) 

10 if -T£ftl|:^tt£sBlt^500{CTstlt i£ff ##JM10 0 dig 

^2gJii, ft^t£#£|£1t$:#500 (#Jx. t* IC# - h\ ft3¥^#- 
K) ©rt^M^/Tt„ ft^^fg^^Ifilt^^SOO^, CPU50K 

#i£itsg& a~cDmmmwcmj&£n& / * u 502^ i/o 503. /<*504 

15 i:j;oTM$n> / * U 502 K ti N #«1i$R<hx CPU50 l^fT-T £ 7° 
n^7i (^l££t,^) I/O 503£^ LTA;>J$*i£> Ht-Sfrt;©** 

5004^\ y ^ U 502K4S^£ftT^&±f£&P€1f IS2006 £, 
20 l£5002, m&mn^&SOOZtZm^T, y-XmfrZ^fflft&mmm'ZsY 
»ls Sff^fflfligitlOOK&fo 

COjfeCiSis IC# - K500© + T£j& U/c^ >y -fe- S?m£, IC 

K5oo^n v&tsmmmmmmiooizzii b%\t>nzz <t# < 

25 j&f 3 £ £*<T# * So 
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500(i, ^Mb, 

m' = m a (e C) 

5 £ftlfU ^©Mmm'£m^TJilff#$iJgfilOOi£, 

C = m'g r , D = h r {€<?) 

10 ¥^Cni*M?>, 

C = m'g T mod n, D = h r mod n 

C = m'<7 r mod ra, D — h r mod n 

it IT 1-£ 0 

= mi 2 " mod n 

20 

£ftlf U -eo^^m'^-^t^-C^lfi- ^fl'JSfilOOte, 
C = m'i^ r mod 7i, D = h T ' mod n 

hm^j 8 is xummm 9 cfci^xti, it^^fg#^i£is^^5oo{i, 
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m\ = mi 2a mod n 



5 £ft^L, -€-©*£Hm*£fln^Ti£{f # flOgglOOli, 
C = m' 1 ^ F(mi) mod n, 5 = ^) modn 

10 ±£#Hifi^|{C*j^T> d (d^l) ©i^nOfBi^i^ffllT 
d£. d>i#£^»u £-rnte\ $ £K^£ft-L£-t!:£ c i*<T# &o 

<T, h r (eG) 
20 Sfcli. 

<7 r mod n, ft r mod n 
25 it1f#^J^fil00©IBH¥S (y^»M02tt£) i^flt, ^©<E£SS 
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5 mzmi^ZJ v*- : Jk/ v -tr- IS IE fc©A<STIii -So 

m&'ao t 1^-9 — fig^Ta^/c^, fc^x-rAtciiJB «* 

ft &<> 

ft £o 

T Bf ^ U T § if # © If fc iiHf $ ft £ o 

^©fifefC «£3|5©&§&j$llg^a<1£;bftT^£«* # ->Xf AClffl 



WO 00/45548 



PCT/JPOO/00475 



2 8 
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2 9 

fit * © 15 ffl 

l . 

• 5 € Z, yfc* = 1 (€ (?) 

• a -1 € Z 

10 t£ZW®m (H, s, a _1 ) £fPJ&U (IS U a _1 (iWPl^H©^i5c^^i 

• G : ^fB&T 

• H' : H 

15 • a € Z 

fcS&B§H (G.H'.g.h, a) £fPJ&U 

C = mV, D = /T (€ G) 

20 

tt-^L, (C, D, a)£B£-5§-;£<*: UTfjI^f^CSHf U 

iulSS:<f#(i, BUIBgff#flJge£flH^ aifiEIKS® (s. a" 1 ) 
l^T, ^(C,D,a)^b, 

77i = (CD 3 )" (€ H) 
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3 0 



5 2 . 

^Hfi&ii, ^Ifl^^ffl^Tiijf ^-^^Bf-^-YbL> g^f#(iBul£^^ 

• p, g : 3?$:, p = 3 (mod 4), 9 = 3 (mod 4) 

• s € Z, ^h" = 1 (mod pg) 

• /3 € Z, a/3 = 1 (mod lcm(p - 1, g - 1)) 

tt£*BS&j$ (p,"q,s, £) £fpj£L, 

15 

• Q,g,h,k,l € Z (0<g,/*<n) 

• n = p d g (d 

tlZ&mm (n, g, h, k, 1, a ) (<B L, k(ipq© hi* «y hS) , 

iHf^ffi, i£lf #$JStt£flH^ ¥35:m(0<ni<2 k " 2 )*> i^'a^r (0 
20 ^r^l) IZtt Li, 

C = m 2a £ r mod n, D = h r mod n 
£ft^£U JacobiIB-^a = (m/n)^ft^: b, (C, D, a)£Bg -^-^ £ LT fjIB 

25 Buieg^t^ii, mjiegjf mftmwi&mi^ mmwmm (p, q,s, & ) & 

mi^X, Bf ^-3^(C, D, a)^ 
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m llP = {CD 1 )^^ mod p, 
m \,g = (CD ) * mod 9 

*H-*U ^(m lf p . . lf q ), 0(-n lf p .»i f q). 0(»i f p- -» lf q ). 0 
-m lq )09*>, (x/n)=a^o0<x<2 k ~ 2 ^i|/c-r & ®^^3tm 
5 itS ({SU 0 fi^HAOfJ^SJC J:SZ/(p) x Z/(q)^ £Z/(pq) 

z i*#® i-rs^rasi^-^^feo 

3 . 

Z <!:*#ffl[<i:t5&iH«ll|tm 

15 

4 . 

ft*^ 3 iCfct^T, 

^i:^it, ^^^^ ^>n/c5i:gi4^^/c-ti-/c^^^^-2s6, m*^i 

20 £ 5 igffttS^fy 



25 5 . 
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6 . 

7 . 

ff^^f 6 o^jfetr J; vm^lkLtzm^X&W.^lk'f&Jj&fc&^x, 
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8 . 

Sftii, Sit ^#jigfi£m^ii£;&©xx y it, 

• p, q : MW., p = 3 (mod 4), 9 = 3 (mod 4) 

• /? € Z, a/3 = 1 (mod lcm(p -l,q-l)) 

tizmmm (p,q, >s) £fpj&u 

• a, A € Z 

• n=p d q (d teftW) 

15 (n.k, a) £<flsj& L (ffl. U k(±pq©t*y hg) , 

2Hf#{±, jaHf#fliJSgg£m^ ^;£m (0<m<2 n-kl ) C^tt, 



mi = (m0* 1 ® G(r)) || (r ffi H(mO fcl 0 G(r))) (0 < mi < 2*" 2 ) 

20 ^It^U (ill, G:{0, l} k0 -{0, l} n , H: {0, l} n -{0, l} k0 , 

U : 7>yj*&%L'Vh*), k = n + k 0 + 2i:-r^) , Jacobi IS#a = (ra 1 /n), 

C = m i 2q mod 71, 

25 



WO 00/45548 PCT/JPOO/00475 

3 4 



H<jiB§:fe#(i, mB^iB^^mm^mi^ mtzmmm (p,q, £) &m 

C^T, Bg-S§-£(C,a)^£>, 

"ii, P = o « mod p, 
i l9 = C * mod ^ 

£ft^U 0(m L p , mi q ), 0(-«i t p .« lf q ). ^(»l f p .-«i, q ). 0 
( ~ B 1, p' '"I, q } ®^ ^' (x/n)=a^o0<x<2 k " 2 ^l/;tx^'j <h It 
tt^L CiSU, <t> (± + SA©fiJ^^S{r J; £Z/(p) xZ/(q)^£>Z/(pq) 




' © <?(*' © # (sO)]"-* 1 if [«' © G(f © fl'(s / ))]* 1 = o*» 

otherwise 



9 . 

innate, ^mm^mi-xmrn T-f&vg^tL, ^m^imn^m 

• p, ? : p= 3 (mod 4), q = 3 (mod 4) 

• s € Z, gh a = 1 (mod 

• /? € Z„ a/3 = 1 (mod lcm(p - 1, q - \)) 
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tzzwmm (p, q. s, /8) ^fp^u, 

• <*,9,h,k,l € Z (0<s,/i<n) 
KZ&mm (n,g, h, k, 1, a) £f«U (§1, k«±pq©t" y hS) , 

ant#fi, mmmwmm&mi^ w-Xm co<m<2 n ~ kl ) &j;<mmr' 

(O^r'^1) KfcfLT, 

mj = (mO* 1 © G(r)j || (r © #(mO fcl © G(r))) (0 < mj < 2*~ 2 ) 

£ff-|ftL (III, G: {0, l} k0 — {0. l) n . H:{0, l} n -{0, l} k0 , iii®^ 
fl=7 >yi*MWi~Q3b t) , k = n + k 0 + 2<t-r^) , Jacobii2#a = (iD 1 /n), 

C = m 1 2a g r ' mod n, D = /i r ' mod n 

£ff-# U (C, D, a)£H£-5§-;£,±: IT ft! KSf? #tr it If U 

lu£Sf§#J±, BtFfaSm#ffl!lS6S*ffll^ itjgB^^li (p,q,s, £ ) £ 
ffl^T, Bf^-XCC, D, a)^, 

C = 777i 2or ^ r ' mod n, D — /i r ' mod n 



*iH*U 0(i lfpf M lfq ), 0(-m lf p ,m lf q ), ^("i.p.-B^q). 0 
(-"l f p . -m^ q )© 9 (x/n)=a^oO(x<2 k " 2 ^i/:tx^B' 1 tit 
ItgU (ML, tfti*BA©fBI&5£Sirj:£Z/(p)xZ/(q)a>£Z/(pq) 
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m' 1 =s'| |t' (s'lin'jCltnt*-; K t'liTOnfy h) iZMLT, 



IE Ll^f^'Ti ft 7^-? tz Z £&m#.-fZ) 



mtm\t, ^mm^m^xmm ^-^b^^l. ^m^^mm^m 

• P, q •■ p= 3 (mod 4), q = 3 (mod 4) 

• * € Z, gh a = 1 (mod pg) 

• 0€Z, a/3 = 1 (mod lcm (;> - l,q - 1)) 

(p. q, s, £) £fPJ&U 

• a,g,h,k,l£Z (0<g,h<n) 

#.S&B3ii (n, g, h, k, 1, a ) £fpj& L (IS U ktipq© tf y hi) , 

^iff#(i. Mit m^ms^mi^ (o<m<2 n ) tr*fux, 

mi = (m © G(r)) || (r © i7(m © G(r))) (0 < m x < 2 k ~ 2 ) 




1 0 . 
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3 7 

£fmu (iiu g:{o, n k0 -{o, n n , H:{o, n n ->{o, n k0 , 

/A7>nilT^, k = n + k Q + 2i:-f &) , Jacobiia-^a = (m 1 /n), 
5 C = m 1 V (mi) modji, £> = h F ( mi ) mod n 

£tnru (iiu f: {o, i} n+k0 -{o, n 1 ^^^ >yj»mm.') . 
cc, d, a)&m^jtt brmm^m^^mm u 

flUISSft#(±, BUie^ff ffl!St*il\ BU IE IBS It (p, q, S, yS ) £• 
10 ffll^T, Bgf-^-^tCC, D, a)*r>£, 

m liP = (CZ) - )^ mod p, 
m hq = (CD 3 )**? 11 mod q 

£ft» U, ^ (m lt p , m lf q ), 0 (-n lt p , m lf q ), 0 p> -m lf q ), 0 

15 p , -m lf )© o t>. (x/n)=a^o0<x<2 k " 2 ^lf:tx^m , 1 IT 

ft#L (<&U 0ti*SA©*J^^acJ:SZ/(p)xZ/(q)^t>Z/(pq) 

m' i =s' | 1 1' (s'tem'jCDJtiterit: ^ h, t'liTftkQ t" »y h) inatLT, 

20 m , = / s ' © ^ « * (O) if (C, D) = (C, D') 

* otherwise 

V 

£ftl£U cn^tf{b^it^ (ill, 

C" = mj 2 VM> mod n, D' = fc F <^> mod n 

25 
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3 8 



i i . 

i o (c*j^T, 

= mi 2 V (mi) mod /, Cj = mfgFW mod g 

£>; = h F < m > ) mod = h F < m i > mod 9 



C = C; (mod/), C = C; (modg), 

D = D' p (mod/), D = (mod?) 

{Cck^, (C, D)=(C\ D')£*«-r * 
1 2 . 

• />, 9 : p = 3 (mod 4), q = 3 (mod 4) 

• s € Z, #/i a = 1 (mod pq) 

• p E 1, a/? = 1 (mod lcm(p - 1, q - 1)) 
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ft 5 IBS© (p. Q. s, $ ) ^fFJlfc L, 

• a,g,h,k,l 6 Z (0<#,/i<n) 

• n = p d q (d \±^tW) 



5 (n, g, h, k, 1, a ) £f£/£ U (ill, k(ipq© t" M) , 

i£lf#(i, &fg#flJgg£fln^ (0<m<2 n ) KfcfOT. SLtfcr 

(0<r<2 k0 ) 

io £ft^u «&u, F:{o, n n+k0 -Mo, \) l \tm^fi^ y^^m^h^, 

k-n + kQ + 2 tf & ) , 

JacobifEL-^-a^mj/n), $5<i:Zf, 

C = nu 2 "/'""' mod n, D = fc F ( m ») mod n 

15 

(C, D, a)£Bg fXi UTiiljiBglf #JCi2Mf U 

iuiesM#ti. BufESft^ffioisa^ffit^ iuibibsb® (p. q. s. £) 

JBt^T. Bg-^CC, D, a)^ £, 

20 

mi iP — {CD") * mod p, 
mi,, = (CD 5 ) « mod g 

£-ftlf U 0 Cm j ^ p , q ). 0 ( -m l f p , m j > q ) , <t> (ij f p , -m^ q ), 0 

(_m l p' " m l, q )(D (x/^^^^^^^^i^tx^m'jilT 
25 ff-JTL (ill, 0 <i^HAcDfiJ^^ll(I i 5Z/(p) xZ/(q)*N t>Z/(pq) 
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4 0 

, ([mtf* if (C,D) = (C',D') 
m = < 

* otherwise 

5 

C' = m' x 2 V (m,,) mod n, D' = A F K) mo d n 
T£>*3, [a] n fc e J:a ; [a] n (i^tl^na©±'ti4oc};a c Tten b* y H^-To 

10 

1 3 . 

C; = mi 2 V (m;) mod p d , C' g = m' l 2a g F ^ mod q 

D' p = h F W> mod p d , D' q = h F W> mod q 

20 

C = C; (mod C = C' q (mod?), 

D = D' p (mod Z) = (mod g) 

(C,D) = (C',D , )*tItS 

25 

1 4 . 
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5 wm&m^wmwit, 

• p, q : p = 3 (mod 4), 9 = 3 (mod 4) 

• s € Z, gh" = 1 (mod pq) 

• 9 € Z, a/? = 1 (mod lcm(/> - 1, q - 1)) 

10 teZWmm (p, q, s, /3) £^J&-r&&^®4lJ&^JS:£, 

• a,g,h,k,l£Z (0<g,h<n) 

• n = p d q {d tt*m) 

(a,g,h,k,l,a) (4S U klipq© ti y h ft) £f^lJ- £ & 
15 ^H£j&^I£<t£iIx.. 

fjl^ff ^JSIfiii, ¥^m(0<ra<2 k " 2 )fe c fcO'SL^r (O^r^l) «r 
*f IT, 

C = m 2a g r mod n, D = h r mod n 

20 ^lt»C-r^^^i. JacobilS-§-a = (m/n)^ttg: U. (C, D, a) £Hg#:£ t 

mB^m ##J^S(i, fuiS$«^ (p, q,s, £) £ffl^T, "g^X 
(C, D, a)^t>, 



25 m liP = (CD 4 ) * ( * + } mod p, 

= (CD ) * mod q 
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4 2 

*tf»U, 0 (m lf p ,m lf q ), 0(-"i f p."i, q ). 0(m lf p . -B lf q ). 0 
(-m^ -m^ )© 9 (x/n)=a^o0(x<2 k " 2 ^i/;ffc© ({BU 

5 IfyXf A 0 
1 5 . 

15 

• p, q : ^^fc, p = 3 (mod 4), 9 = 3 (mod 4) 

• s € Z, ^/i" = 1 (mod pq) 

• /? € Z, a/? = 1 (mod lcm(j> - 1, <7 - 1)) 

(p, q, S, yS) ^fP^^-li-, 

20 

• a,g,h,k,l € Z (0 < /* < n) 

• n=p d g (d 

tt&&§§§i (n, g,h, k,l, a) £fFJ&$-£ k(ipq£Dt"y M) , 

luEitff^^iJ^ttir. ¥^ra(0<m<2 k_2 )fcc}:y c SL^r (O^r^l) (I 

25 *fLT, 

C = Tn 7o g r mod n, D = h r mod n 
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4 3 



£ff-££-ti-, JacobiiB-§-a = (m/n)£ii-g:£-£, (C, D, a ) £ Uf-f^ £ L T 

HiJl£SW##J^S{r. m%Zffl®m (P, q, s, £) £J8t^T. B£-5§-;£ 
(C, D, a)fr 



0 <±4 , BA<D3BI&£Str «fc SZ/(p) x Z/(q)^bZ/(pq)'\©lPS¥t 

1 6. 

• p, ? : ^^SC, p = 3 (mod 4), q = 3 (mod 4) 

• s € Z, <j/i* = 1 (mod pq) 

• p€Z, a3 = 1 (mod 1cm (p -1,9-1)) 

■tizmmm (p, q, s. tr^r^i-s, 



m liP = (CT> S ) 
m li9 = (C£>*) 



mod p, 
mod 9 




• a,g,h,k,l € Z (0 < g, h < n) 

• n = p d q (d IZ&gt) 
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4 4 



ttS&Klll (n, g, h, k, 1, a ) (ffi U k(ipq© t* >y hi) £fflt^T. 
^£m(0<m<2 k " 2 ):fc=fctf£L$:r (0£r£l) C^lT, 

C = m 2a g r mod n, D = h r mod n 



<t JacobilE,-§-a = (m/n)^-lt^l L, Bf-^XCC, D, a ) ££.J5£-T £ ¥S t , 



10 1 7. 

• p, <? : ^i®:, p = 3 (mod 4), g = 3 (mod 4) 

• s € Z, <7/i* = 1 (mod pq) 

15 • / 3eZ, a/3 = 1 (mod km (p -1,9-1)) 

/a^W (p.q.sj) ^Mt^fgi, 

• a,g,h,k,l € Z (0<sr,/i<n) 

• n = p^ (<f li^:) 

20 /JTS^Hii (n, g, h, k, 1, a ) (Ifi U • kiipq© ti" >y h g) & ^ 

tufe^lf lUIS^^M (n, g, h, k, 1, a ) £fflt^T. 

m(0<m<2 k_2 )fccfcD c gLar (OsSr^l) i:MLTftIU/:, 

C = m 2a £ r mod n, D — h r mod n 

25 

£Jacobi§£-5§-a = (m/n) tfr b^Jfitfc, Bf-S§- ;£((;, D, a)£§ff &^f£ 
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4 5 



HijfBBt-^-^CC, D, a)£. MiZWmM (p, Q, s, £ ) l^T, 



"*i,p = [CD ) * mod 
5 mi i9 = (C£> a ) * mod q 

* (B 1. P ,m l, q X 0( " In l, p' m l, q } * * (m l, p' ""I, q } ' ^ ( " n, l,p" 
m l q )©9t>, (x/n)=a^oO<x(2 k " 2 ^I/;tfeO (tl, 0<2^H 

AOfi^SSirJ: ^Z/(p)xZ/(q)^^Z/(pq)^©i^lS?t^It) 
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